| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Oct 2011 16:29:45 +1100 From: dave bl <db.pub.mail@...il.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu Subject: Re: Symlink vulnerabilities On 22 October 2011 15:39, Michal Zalewski <lcamtuf@...edump.cx> wrote: >> In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races, >> what you should be doing is using pam_namespace or similar so each user gets >> their own /tmp namespace. > > That would result in counterintuitive behavior, I suppose... /tmp is a > fairly stupid and largely unnecessary artifact of the old. > > If you are in charge of a distro, it would not hurt to nuke it > altogether and change all packages in your control to use per-user > $TMPDIR. Some third-party stuff will break - but it breaks every now > and then anyway. Actually in Ubuntu YAMA(Yama Linux Security Module)[0] should block /tmp symlink attacks. According to [1] "In Ubuntu 10.10 and later, symlinks in world-writable sticky directories (e.g. /tmp) cannot be followed if the follower and directory owner do not match the symlink owner. The behavior is controllable through the /proc/sys/kernel/yama/protected_sticky_symlinks sysctl, available via Yama. " [0] http://zinc.canonical.com/git?p=kees/linux-2.6.git;a=shortlog;h=refs/heads/yama [1] https://wiki.ubuntu.com/Security/Features _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists